Late last year, the Test Pilot team welcomed a new engineering program manager, Marnie Pasciuto-Wood. In this post, Marnie talks about what it’s been like joining Mozilla and what keeps her busy and inspired outside of work.

In the physical world, we don’t wear our ID on our foreheads. This is convenient because we can walk around with a reasonable expectation of privacy and let our curiosity take us to interesting places. That shoe store you sauntered into because they had a pair that caught your eye has no idea who you are, where you live, or anything about you. More importantly, any attempt by that shoe store to have an employee follow you around would not only be impractical, but would be met with some serious side-eye from potential customers.

CSS Grid is a great layout tool for content-driven websites that include long passages of text, and it has tremendous value for a variety of traditional UI layouts as well. In this article I’ll show you how to use CSS Grid to improve application layouts that need to respond and adapt to user interactions and changing conditions, and always have your panels scroll properly.

As the talks within WebGPU community group progress, it becomes apparent that the disagreements lie in more domains than simply technical. It’s about what the Web is today, and what we want it to become tomorrow.

For the longest time I've used vertical tabs in Firefox and I still find it odd that people don't use it more. It's a simple fact that a horizontal tab strip doesn't scale too well when you get lots of tabs.

With the important 2.0 milestone I decided to give my Easy Passwords project a more meaningful name. So now it is called PfP: Pain-free Passwords and even has its own website. And that’s the only thing most people will notice, because the most important changes in this release are well-hidden: the crypto powering the extension got an important upgrade. First of all, the PBKDF2 algorithm for generating passwords was dumped in favor of scrypt which is more resistant to brute-force attacks. Also, all metadata written by PfP as well as backups are encrypted now, so that they won’t even leak information about the websites used. Both changes required much consideration and took a while to implement, but now I am way more confident about the crypto than I was back when Easy Passwords 1.0 was released. Finally, there is now an online version compiled from the same source code as the extensions and having mostly the same functionality (yes, usability isn’t really great yet, the user interface wasn’t meant for this use case).

I’m delighted to announce the winners of Mozilla’s Reality Redrawn Challenge after my fellow judges and I received entries from around the globe. Since we issued the challenge just two months ago we have been astonished by the quality and imagination behind proposals that use mixed reality and other media to make the power of misinformation and its potential impacts visible and visceral.

If you have tried to imagine the impact of fake news – even what it smells like – when it touches your world, I hope you will come to experience the Reality Redrawn exhibit at the Tech Museum of Innovation in San Jose. Our opening night runs from 6-9pm on May 17th and free tickets are available here. Keep an eye on Twitter @mozilla with the hashtag #RealityRedrawn for more details in the coming weeks. After opening night you can experience the exhibit in normal daily museum hours for a limited engagement of two weeks, 10am-5pm. We will be looking to bring the winning entries to life also for those who are not in the Bay Area.

2017 was a big year for Firefox DevTools. We updated and refined the UI, refactored three of the panels, squashed countless bugs, and shipped several new features. This work not only provides a faster and better DevTools experience, but lays the groundwork for some exciting new features and improvements for 2018 and beyond. We’re always striving to make tools and features that help developers build websites using the latest technologies and standards, including JavaScript frameworks and, of course, CSS Grid.

Mozilla has released an improved 0.3 version of its open source, Linux-based Things Gateway software for setting up a home automation gateway on the Raspberry Pi, featuring a new rules engine and improved voice support.

In July, Mozilla announced a Project Things Internet of Things project for a decentralized open source gateway that uses standard web technologies. The software is designed to comply with the W3C’s Web of Things (WoT) standard. The project previously released an early version of a Things Gateway stack that runs on a Raspberry Pi. Now, it’s introducing a new release (v.0.3) of the gateway software, along with a tutorial to help users get started.

These Weeks in Dev-Tools will keep you up to date with all the exciting dev tools news. We plan to have a new issue every few weeks. If you have any news you'd like us to report, please comment on the tracking issue.

An extension is software developed by a third party that modifies how you experience the web in Firefox. Since they work by tapping into the inner workings of Firefox, but are not built by Mozilla, it’s good practice to understand the permissions they ask for and how to make decisions about what to install. While rare, a malicious extension can do things like steal your data or track your browsing across the web without you realizing it.

We have been taking steps to reduce the risk of extensions, the most significant of which was moving to a WebExtensions architecture with the release of Firefox 57 last fall. The new APIs limit an extension’s ability to access certain parts of the browser and the information they process. We also have a variety of security measures in place, such as a review process that is designed to make it difficult for malicious developers to publish extensions. Nevertheless, these systems cannot guarantee that extensions will be 100% safe.

You’ve heard about how fast the new Firefox is. You’ve heard it’s made by people who want the web to be awesome for everyone. You like that, you’re curious to try, but you hesitate. Moving from Chrome to Firefox seems like work. Fussy, computer-y IT work. Ugh. ”What about all my “stuff”? I don’t want to set all this up again.”

Mozilla has patched a nasty security bug in Firefox, affecting versions 56, 57 and 58, and their point updates.

The CVSS-8.8-rated flaw means that if an attacker can get a user to open a malicious document or link, remote code execution becomes a possibility – allowing spyware, ransomware and other nasties to be installed and run.

As Mozilla rethinks how we do open, thinking strategically about how we work with contributors and others throughout the product lifecycle (and sharing some of our approaches, well, openly), we thought it would be good to take a look at how NASA engineers use open innovation as an valuable tool.

On January 31, we'll hear from Steve Rader, the Deputy Manager for NASA's Center of Excellence for Collaborative Innovation (CoECI). We'll learn how a large, bureaucratic organization tasked with the wildest innovation goals became more nimble and innovative by identifying and effectively working with outside collaborators, and what lessons might apply to us as we innovate in the open at Mozilla.

Cynthia is digital communications strategist and front-end developer with expertise on technical consulting, user and staff training and customer service in IT and Telecom segments. She has been a part of the Mozilla community for a long time and and her work has made a big push into Mozilla’s mission through local community efforts.

The most powerful aspect of the web is also what makes it so challenging to build for: its universality. When you create a website, you’re writing code that needs to be understood by a plethora of browsers on different devices and operating systems. It’s difficult.

To make the web evolve in a sane and sustainable way for both users and developers, browser vendors work together to standardize new features, whether it’s a new HTML element, CSS property, or JavaScript API. But different vendors have different priorities, resources, and release cycles — so it’s very unlikely that a new feature will land on all the major browsers at once. As a web developer, this is something you must consider if you’re relying on a feature to build your site.

2017 was a big year for the Rust systems programming language. Now, members of the open source project are looking to consolidate last year’s progress – making Rust easier to learn and use – and publish the first major update to the stable 2015 Rust release.

“We’re making Rust a much nicer place to be,” said Aaron Turon, a Rust core team member and engineering manager at Mozilla. “We’re working to create a more productive environment for programmers – especially those new to the language.”

Every year there are multiple Rust events around the world, bringing together the community. Despite being early in the year, we’re excited to be able to highlight several events that are already being organized!

Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.

In December, we launched a tv show tie-in with Mr. Robot, Looking Glass, that alarmed some people because we didn’t think hard enough about the implications of shipping an add on that had the potential to be both confusing and upsetting. We’re deeply sorry for this and we understand why it’s important for us to learn and grow from this experience. As mentioned last month, we conducted a post-mortem to better understand how and why this happened and how we can do better.

Rest assured, in 2018, we will invest heavily in shaping public policy issues that contribute to and advance a healthy internet. We’ll continue our leadership on multi-year issues like privacy and security. We’ll keep fighting the critical ongoing battles like copyright reform and net neutrality. And we’re looking at emerging topics related to openness and decentralization, understanding and fighting back against the future of gatekeeper control of our internet. We also have incredible depth left to be explored on how we perceive and experience trust online, and who around the world really gets included and can take full advantages of the opportunities of the internet. Some of the policy issues we tackle will be major headlines, even more so in 2018 than they were in 2017 – issues like competition, artificial intelligence, and intermediary liability. And we will be there. Across the board, in 2018, we will engage in public policy wherever we can to promote a healthy, open, trusted internet.

The web is the largest software platform ever, a great equalizer that works on any device, anywhere. The more it can do, the better off we’ll be. That’s the thinking behind Progressive Web Apps (PWA), mobile-friendly websites that can almost everything native apps can do, and they’re coming to Firefox for Android.

Mozilla has sent a CA Communication to inform Certificate Authorities (CAs) who have root certificates included in Mozilla’s program about current events related to domain validation for SSL certificates and to remind them of a number of upcoming deadlines.

One of the most prevalent and frightening things that women have to deal with online is the threat of stalking and severe harassment. Having been frequent targets of abuse, online harassment and stalking for the better part of a decade, it is clear that over the past few years, the Kardashian-Jenner clan have become experts in privacy because they’ve been forced to— these women have learned the hard way that they need to be in control of information about their private lives.

In preparation for the MDN redesign I examined our analytics to get an idea of how wide our users’ browser windows were. I wanted window widths, not screen sizes and I thought a chart would tell a more compelling story than a table.

Throughout the years, we have been extremely lucky to have an amazing array of great people joining us and contributing in many various ways. There has been some spam here and there, we’ve had some people getting very emotional and unhappy about various aspects of SUMO or Mozilla, but so far we have had relatively few cases that needed Administrator investigation.

Obviously, all that luck does not mean that interpersonal conflicts on different levels do not happen right now or will not happen in the future. We acknowledge this fact and want to be prepared for such moments, as infrequent as they are. Staying a step ahead of potential problems will help us provide you with a SUMO community experience you all can enjoy and be a part of.

Amazon Fire TV users! Here at Mozilla, we believe you should have the ability to watch what you want or view the web how you want. Firefox for Fire TV, our browser for discovering and watching web video on TV, is here on Amazon Fire TV and Fire TV stick. You can launch popular video websites, like YouTube or Vimeo, load any website address and search the web for videos to play full screen on your TV, all from the comfort of your couch.

Google has promoted its Chrome 64 web browser to the stable channel today for Linux, Mac, and Windows platforms, finally bringing the patches for the Meltdown and Spectre timing attacks.

Chrome 64 has been in beta phase for the past six weeks, though it's been in development since the end of October 2017. It's the first release of the web browser to ship with security fixes to address the Meltdown and Spectre timing attacks. Google has detailed these patches earlier this month.

Google has started to roll out the latest version of its browser, Chrome 64, to Windows, Mac and Linux devices. The update will arrive to users throughout the next few days or weeks and comes with some handy features and important mitigation related to the Meltdown and Spectre CPU vulnerabilities.

Chrome 64 is now available for Linux, Mac and Windows, featuring a stronger ad blocker and several security fixes, including mitigations for Spectre and Meltdown. See the release updates for more info.

Google has released Chrome 64 for Windows, Mac, and Linux, bringing a stronger pop-up blocker, over 50 security fixes, and more mitigations for the Spectre attack.

As Google promised last year, Chrome 64 introduces a stronger pop-up block to protect against sneaky tactics that lead users to unwanted content through redirects.

The abusive experiences that the blocker targets are practices often used by shadier sections of the web, including ads or parts of a page that create bogus site warnings and error messages, 'close' buttons that that do something other than close a page element, and play buttons that open third-party sites offering to download an app.

LG releases webOS Open Source Edition, looks to expand webOS usage

LG’s smart TVs ship with an operating system called webOS, which is the latest version of an operating system that was developed by Palm to run on phones, acquired by HP to use with tablets, and eventually sold to LG, which is still using it today.
But now LG wants to expand the adoption of webOS and the company is working with the South Korean government to solicit business proposals from other companies interested in using webOS.
LG has also released a webOS Open Source Edition version of the operating system.

Test driving 4 open source music players and more

In my last article, I described my latest music problem: I need an additional stage of amplification to make proper use of my new phono cartridge. While my pre-amplifier contains a phono stage, its gain is only suitable for cartridges that output about 5mV, whereas my new cartridge has a nominal output of 0.4mV.
Based on my investigation, I liked the looks of the Muffsy phono kits, so I ordered the head amplifier, the power supply, and the back panel. I also needed to obtain a case to hold the boards and the back panel, available online from many vendors. Muffsy does not sell the “wall wart” necessary to power the unit, so I ordered one of those from a supplier in California. Finally, inspecting my soldering iron, solder “sucker,” and solder, I’ve realized I need to do better—so a bit more shopping, online or local, is in order there. Finally, for those, like me, whose soldering skills may be rusty and perhaps were not all that great to begin with, Muffsy kindly offers links to two instructional videos.